#!/bin/bash
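# certbot renew --dry-run (check whether renewal would succeed)   certbot renew (renew)
# Revoke a certificate: certbot revoke --cert-path /etc/letsencrypt/archive/<domain>/cert1.pem
# Delete a certificate: certbot delete
# Show certificate status: certbot certificates (four items: domain, expiry date, certificate path, private key path)
# 00 03 25 * * /usr/bin/certbot renew --quiet   scheduled renewal via cron (for reference)
#   Note: this entry runs only once a month. By default certbot renews a certificate only when it is
#   within about 30 days of expiry, so one failed run can let the certificate expire before the next
#   attempt; running the job at least daily is safer. nginx keeps serving the old certificate until it
#   is reloaded, so reload it after a renewal (for example with certbot's --deploy-hook).
#-------------------nginx configuration-----------------
# Inside the server block:
#    ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem
#    ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem
# Then reload nginx (nginx -s reload)
# Open port 443 and configure: listen  443 ssl;
#-------------------nginx configuration-----------------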
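# Address passed to `certbot -m` when the certificate is requested.
# The default is the script author's mailbox; export EMAIL before running
# so the ACME account is registered to an address you control.
EMAIL="${EMAIL:-1024335892@qq.com}"

# Install each required package only when rpm does not already report it.
# epel-release comes first because it provides the repository certbot is
# installed from. NOTE(review): openssl is not called anywhere in this
# script; it is kept because the original installed it.
for pkg in epel-release certbot openssl; do
    if ! rpm -q "$pkg" &>/dev/null; then
        # Stop here on failure: continuing would only fail later, less clearly.
        if ! yum install "$pkg" -y; then
            echo "错误: 安装 $pkg 失败" >&2
            exit 1
        fi
    fi
done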

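# WEB_ROOT is the absolute path of the directory that holds the site content,
# for example /usr/local/nginx/html. With --webroot, certbot writes the ACME
# challenge files beneath this directory, so it has to be the directory the
# web server actually serves for V_HOST.
WEB_ROOT=""
while [ -z "$WEB_ROOT" ]; do
    # -r keeps backslashes literal; on EOF with nothing entered, give up
    # instead of looping forever or calling certbot with an empty path.
    if ! read -r -p "请输入站点根路径: " WEB_ROOT && [ -z "$WEB_ROOT" ]; then
        echo "错误: 未输入站点根路径" >&2
        exit 1
    fi
done
# A value starting with "-" could be read by certbot as another option.
case "$WEB_ROOT" in
    -*)
        echo "错误: 站点根路径不能以 - 开头: $WEB_ROOT" >&2
        exit 1
        ;;
esac
if [ ! -d "$WEB_ROOT" ]; then
    echo "错误: 站点根路径不存在或不是目录: $WEB_ROOT" >&2
    exit 1
fi
echo "站点跟目录为:$WEB_ROOT"

V_HOST=""
while [ -z "$V_HOST" ]; do
    if ! read -r -p "请输入不带协议的域名: " V_HOST && [ -z "$V_HOST" ]; then
        echo "错误: 未输入域名" >&2
        exit 1
    fi
done
# Accept only host-name characters (plus "," for a comma-separated list, which
# `certbot -d` accepts). This rejects a pasted URL such as https://example.com/,
# embedded whitespace, and a leading "-" that would be parsed as an option.
case "$V_HOST" in
    -* | *[!A-Za-z0-9.,-]*)
        echo "错误: 域名格式不正确(不要带协议、路径或空格): $V_HOST" >&2
        exit 1
        ;;
esac
echo "输入的域名为:$V_HOST"

# Every expansion is quoted so that each value reaches certbot as exactly one
# argument; unquoted, a path or domain containing spaces or glob characters
# would be split or expanded by the shell before certbot sees it.
certbot certonly --webroot -w "$WEB_ROOT" -d "$V_HOST" -m "$EMAIL" --agree-tos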